A risk analysis is the search for hazards and the estimation of the probabilities and severities of any resulting harm.
When the term risk analysis is used, it often refers to a hazard analysis.
To identify the risks, medical device manufacturers must fulfill the following requirements:
The general page on risk management and ISO 14971 provides an overview of all activities in the risk management process and the legal requirements.
ISO 80001-1 is also relevant for hospitals.
The objective of risk analysis obviously is to identify risks.
The first step is to search for hazards based on the intended purpose, the safety-relevant characteristics of the device, and, if applicable, its design.
The hazard analysis procedures are recommended for this purpose:
Risks are combinations of the probability of occurrence and the severity of harm. Both must, therefore, be assessed in this step.
Based on risk acceptance, manufacturers decide on the acceptability of individual risks and, later on, the acceptability of all (residual) risks.
Strictly speaking, this step no longer counts as risk analysis.
Our tips on risk analysis for software have become so extensive that we have dedicated a separate article to them.
One hazard can lead to several risks, as the following example shows.
If a hospital information system has incorrectly saved a laboratory value as negative instead of positive and the doctor, therefore, administers the wrong medication, a patient may come to harm. The patient may die or “only” suffer from nausea.
Depending on your definition of the harm classes, the first harm (death) could be defined as catastrophic, and the second (nausea) as minor. However, both harms have a different probability.
ISO 14971 requires that the personnel responsible for risk management have the necessary qualifications.
As soon as the risk are identified and assessed, these risks must be mitigated as described in this article.
Outsourcing risk management to service providers. Wouldn’t that be convenient? But is that allowed? And how much sense does it make anyway? Conversely, what should you as a service provider not be burdened with under any circumstances? This article provides the answers. It suggests how manufacturers and service providers can divide their activities and gives…
DetailsIEC 80001-1 has the long title “Application of risk management for IT-networks containing medical devices – Part 1: Tasks, responsibilities and activities“. This article reveals what the standard requires and why manufacturers should also consider it. 1. About DIN EN IEC 80001-1 a) Objectives of DIN EN IEC 80001-1 The standard aims to help minimize…
DetailsLaws and standards formulate requirements on how medical device manufacturers must define and document the development process. Notified bodies check these requirements during audits. This article on the development process provides tips on how to design the process and how to align it with other processes, such as the risk management process. 1. Development process:…
DetailsThis article identifies the seven most common risk management errors that Johner Institute and its auditors encounter most often. It also offers advice on how to avoid these errors. Risk management is among the most important requirements medical device manufacturers must meet. Therefore, it is important that they avoid risk management errors. 1st error class:…
DetailsThe probability of software defects is difficult to estimate. It’s so difficult that the “old” DIN EN IEC 62304:2006 wrote: “However, there is no agreement on how to determine the probability of the occurrence of software failures using traditional statistical methods.” The standard concluded that “the probability of such a malfunction must be assumed to…
DetailsThe process FMEA (pFMEA) is a method for the systematic analysis of risks resulting from failure modes in processes, such as device production and cleaning. Laws, such as the MDR, and standards, such as ISO 13485, require medical device manufacturers to identify and control such process risks. 1. What the pFMEA is a) The pFMEA is a…
DetailsSoftware risk analysis depends on the following: Software itself cannot cause harm. It always happens via hardware or people. However, this does not mean there is no need for risk analysis in software. The opposite is the case! What distinguishes risk analysis for software from other medical devices In the case of (standalone) software, harm…
DetailsFault Tree Analysis is a procedure used to search for unknown causes of known effects (in the case of medical devices, harms or hazards). It, therefore, counts as a top-down procedure in risk analysis. Fault Tree Analysis: Notation The name Fault Tree Analysis already clarifies how it is represented graphically: As a tree. Both mind…
Details
Privacy Preference
We need your consent before you can continue on our website. If you are under 16 and wish to give consent to optional services, you must ask your legal guardians for permission. We use cookies and other technologies on our website. Some of them are essential, while others help us to improve this website and your experience. Personal data may be processed (e.g. IP addresses), for example for personalized ads and content or ad and content measurement. You can find more information about the use of your data in our privacy policy. You can revoke or adjust your selection at any time under Settings.
Privacy Preference
If you are under 16 and wish to give consent to optional services, you must ask your legal guardians for permission. We use cookies and other technologies on our website. Some of them are essential, while others help us to improve this website and your experience. Personal data may be processed (e.g. IP addresses), for example for personalized ads and content or ad and content measurement. You can find more information about the use of your data in our privacy policy. Here you will find an overview of all cookies used. You can give your consent to whole categories or display further information and select certain cookies.